Duke APT group devises new campaigns to maintain detection evasion

SeaDuke, the firm wrote in a post, differentiates itself from prior iterations by being written in Python and having cross-platform functionality across Windows and Linux. On the other hand, CloudDuke is an “entire toolset” of malware components, including a unique loader, downloader, and two different trojan components.

CloudDuke also uses cloud storage services for both command and control and the exfiltration of stolen data. F-Secure cited Microsoft's OneDrive as the campaign's preferred cloud solution. This likely helps evade detection because a popular cloud storage service wouldn't raise red flags, the post stated.

The researchers tied CloudDuke to the group's prior CozyDuke campaign because of their similar spearphishing emails. CozyDuke is believed to have targeted the White House and State Department this past year.
